Networking Vendor Tries to Stop Cyberattacks Before They Happen

Internet backbone provider Level 3 Communications is applying predictive analytics against network traffic and says it can predict cyberattacks before they happen. This effort is patterned on techniques used by police in cities such as New York and Memphis, who use software to analyze disparate data points to predict where the next crime wave will occur.

The company decided about a year ago to go in this direction because of what it felt was a failure on the part of security vendors to effectively fight cybercrime. “We were a little frustrated with a lack of progress in the overall industry in trying to stop advanced persistent threats and botnet attacks,” Dale Drew, chief security officer at Level 3 Communications, told CIO Journal. And while the company’s approach is promising, it isn’t foolproof either.

Level 3 monitors about 32 billion messages that cross its network each day and retains the data for 18 months. Many of those messages are precursors to future attacks and provide clues about what is coming; for example, before attacking a company a hacker typically performs port scanning, which is much like casing a house before burglarizing it. By retrospectively analyzing that stored data, Level 3’s analytic software can build profiles of suspicious behavior that are then used to detect such activity early in the game, or even before an attack happens, according to the company.
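To make the port-scanning precursor concrete, here is an added example (not Level 3’s software, and not code from the article) of the kind of behavioral profile a defender can apply to connection records: a source that touches many distinct destination ports on one host within a short window is flagged as probable reconnaissance. The flow records, the 60-second window and the five-port threshold are all constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow records: "timestamp source destination dest_port".
# These are made up for the example and are not real network data.
SAMPLE_FLOWS = """\
2012-11-01T10:00:01 203.0.113.5 198.51.100.10 22
2012-11-01T10:00:02 203.0.113.5 198.51.100.10 23
2012-11-01T10:00:03 203.0.113.5 198.51.100.10 25
2012-11-01T10:00:04 203.0.113.5 198.51.100.10 80
2012-11-01T10:00:05 203.0.113.5 198.51.100.10 443
2012-11-01T10:00:06 203.0.113.5 198.51.100.10 3389
2012-11-01T10:00:07 203.0.113.5 198.51.100.10 8080
2012-11-01T10:00:09 192.0.2.77 198.51.100.10 443
2012-11-01T10:00:10 192.0.2.77 198.51.100.10 443
2012-11-01T10:00:11 192.0.2.77 198.51.100.10 80
2012-11-01T10:05:00 203.0.113.5 198.51.100.10 21
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines into (timestamp, src, dst, port) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def find_port_scans(flows, window=timedelta(seconds=60), min_ports=5):
    """Return {(src, dst): max distinct ports seen in any `window`} for pairs
    that reach `min_ports`; a sliding window over time-ordered events."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in sorted(flows):
        by_pair[(src, dst)].append((ts, port))
    alerts = {}
    for pair, events in by_pair.items():
        start = 0
        for end in range(len(events)):
            # Advance the window start until all events fit inside `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {p for _, p in events[start:end + 1]}
            if len(distinct) >= min_ports:
                alerts[pair] = max(len(distinct), alerts.get(pair, 0))
    return alerts


if __name__ == "__main__":
    for (src, dst), n in find_port_scans(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible port scan: {src} -> {dst} ({n} distinct ports)")
```

Only the first source crosses the threshold; its later single-port probe at 10:05 falls outside the window and does not extend the alert.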

It’s very much like seeing a bad guy break into a house and then tracing his rental car back to the person who paid for the attack, said Drew. “The objective is for this to be predictive. If we see a bad guy scanning a customer, then we alert that customer. If we trace it back to the source, then we know that the bad guy likes to break into a certain industry, so we can alert that industry ahead of time,” he said.

But while analytics is becoming the “last hope” in cybersecurity, it still isn’t foolproof, said Avivah Litan, a cybersecurity analyst at Gartner. The attacks against banks, for example, are getting more frequent and more serious. Yet analytics broke down in the attacks against major U.S. banks this fall because the attackers used a different breed of malware that hadn’t been seen before, she said. “Analytics is promising, but it’s not proven, and we’ll see how smart analysts are at predicting attacks they’ve never seen before,” said Litan.